CVE-2026-26204 - Vulnerability Analysis
MediumCVSS: 4.4Last Updated: April 30, 2026
Wazuh - Denial of Service
Published: April 29, 2026Updated: April 30, 2026PoC Available
Overview
Wazuh 1.0.0 to < 4.14.4 contains a heap-based out-of-bounds write caused by unsigned integer underflow in GetAlertData, letting a compromised agent cause denial of service or heap corruption, exploit requires compromised agent.
Severity & Score
Severity: Medium
CVSS Score: 4.4
Impact
A compromised agent can cause denial of service or heap corruption, potentially disrupting system operations.
Mitigation
Upgrade to version 4.14.4 or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-26204
- Severity
- Medium
- CVSS Score
- 4.4
- Type
- out_of_bounds_rw
- Status
- confirmed
CWE
- CWE-124
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H